Virus:Win32/Xorer.A removal instruction

Virus:Win32/Xorer.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Xorer.A virus do?

  • Sample contains Overlay data
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to determine Virus:Win32/Xorer.A?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2007-12-16 23:17:56

Version Info:

0: [No Data]

Virus:Win32/Xorer.A also known as:

Vendor                Detection name
Bkav                  W32.DashferC.PE
Lionic                Virus.Win32.Xorer.n!c
MicroWorld-eScan      Trojan.Generic.2156892
FireEye               Generic.mg.b261efdcb9aa8b4f
CAT-QuickHeal         W32.Switch.A
McAfee                Generic.bxf
Cylance               Unsafe
VIPRE                 Trojan.Generic.2156892
Sangfor               Suspicious.Win32.Save.ins
K7AntiVirus           Riskware ( 0040eff71 )
Alibaba               Virus:Win32/Xorer.e5a34b0e
K7GW                  Riskware ( 0040eff71 )
Cybereason            malicious.cb9aa8
BitDefenderTheta      Gen:NN.ZexaF.34682.uqZ@aqFOZXmb
VirIT                 Trojan.Win32.Generic.AGMB
Cyren                 W32/BadBHO.A.gen!Eldorado
Symantec              W32.Pagipef.I!inf
Elastic               malicious (high confidence)
ESET-NOD32            a variant of Win32/Xorer
Baidu                 Win32.Virus.Xorer.gen
TrendMicro-HouseCall  PE_PAGIPEF.AD
Paloalto              generic.ml
ClamAV                Win.Trojan.Xorer-5
Kaspersky             Virus.Win32.Xorer.ch
BitDefender           Trojan.Generic.2156892
NANO-Antivirus        Trojan.Win32.Xorer.tvxsc
Cynet                 Malicious (score: 100)
Avast                 Win32:Evo-gen [Trj]
Tencent               Virus.Win32.DiskGen.aa
Ad-Aware              Trojan.Generic.2156892
Sophos                ML/PE-A + Troj/Xorer-E
Comodo                TrojWare.Win32.Agent.dzc_20@1mc7gm
DrWeb                 Win32.HLLW.Autoruner.origin
Zillya                Virus.Xorer.Win32.8
TrendMicro            PE_PAGIPEF.AD
McAfee-GW-Edition     BehavesLike.Win32.Sodinokibi.fm
SentinelOne           Static AI – Malicious PE
Emsisoft              Trojan.Generic.2156892 (B)
APEX                  Malicious
Jiangmin              Win32/Kdcyy.Gen
Avira                 TR/Agent.45056.I
MAX                   malware (ai score=87)
Antiy-AVL             Trojan/Generic.ASBOL.1D08
Microsoft             Virus:Win32/Xorer.A
Arcabit               Trojan.Generic.D20E95C
GData                 Trojan.Generic.2156892
Google                Detected
AhnLab-V3             Win32/Diskgen.Gen
ALYac                 Trojan.Generic.2156892
VBA32                 Virus.Win32.Xorer.gn
Rising                Worm.Win32.DiskGen.bh (CLASSIC)
Yandex                Win32.Xorer.Gen
Ikarus                Virus.Win32.Xorer
MaxSecure             Virus.Xorer
Fortinet              W32/Xorer.DR
AVG                   Win32:Evo-gen [Trj]
Panda                 Adware/BaiduBar
CrowdStrike           win/malicious_confidence_100% (W)

How to remove Virus:Win32/Xorer.A?

Virus:Win32/Xorer.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
